| Author |
Message |
Asgard Hostmaster
Guest
|
 Posted:
Thu Oct 14, 2004 7:11 am Post subject:
FRS: Error 13508 |
|
|
Hi folks,
I'm still struggling with getting FRS working properly. To recap, the only
thing i'm trying to replicate is SYSVOL. I've been through all the KBs and
such I can find, and have cleared a few issues, but still no luck getting it
working properly.
Checking the NTFRS logs, I'm down to this repeated error -
<FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't find it
addressed anywhere on the MS site or newsgroups or elsewhere on the net.
I've tried resetting the machine password on SB-2 using netdom, but the
error is still there. How is security defined for FRS machine transactions?
thanks,
David |
|
| Back to top |
|
 |
Asgard Hostmaster
Guest
|
| Posted:
Thu Oct 14, 2004 7:18 am Post subject:
Re: Error 13508 |
|
|
just to add, the NTFRS logs on the other server say -
WS ERROR_ACCESS_DENIED
So it seems obvious to be some kind of permissions problem. Perhaps a
Kerberos problem?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i meddelandet
news:uUOF1MZsEHA.2460@TK2MSFTNGP09.phx.gbl...
| Quote: | Hi folks,
I'm still struggling with getting FRS working properly. To recap, the only
thing i'm trying to replicate is SYSVOL. I've been through all the KBs and
such I can find, and have cleared a few issues, but still no luck getting
it working properly.
Checking the NTFRS logs, I'm down to this repeated error -
FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't find it
addressed anywhere on the MS site or newsgroups or elsewhere on the net.
I've tried resetting the machine password on SB-2 using netdom, but the
error is still there. How is security defined for FRS machine
transactions?
thanks,
David
|
|
|
| Back to top |
|
|
Asgard Hostmaster
Guest
|
| Posted:
Sat Oct 16, 2004 6:49 pm Post subject:
Re: Error 13508 |
|
|
Removing and readding each Domain Controller in turn has fixed this error.
Now I'm managing to replicate SYSVOL and two other folders, but the third
refuses. Error in ntfrs.log now is -
<SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - rpc call]
<SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - Send Penalty]
<FrsDsFindComputer: 3392: 8786: S2: 07:25:48> :DS: Computer FQDN is
cn=sb-3,ou=domain controllers,dc=mydomain,dc=net
<FrsDsFindComputer: 3392: 8792: S2: 07:25:48> :DS: Computer's dns name is
sb-3.mydomain.net
<FrsDsFindComputer: 3392: 8806: S2: 07:25:48> :DS: Settings reference is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydomain,dc=net
<FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no parent
computer for DFS|CLIENTSITES : WStatus: ERROR_FILE_NOT_FOUND
Any suggestions on where to look now?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i meddelandet
news:OQhFaQZsEHA.2800@tk2msftngp13.phx.gbl...
| Quote: | just to add, the NTFRS logs on the other server say -
WS ERROR_ACCESS_DENIED
So it seems obvious to be some kind of permissions problem. Perhaps a
Kerberos problem?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i meddelandet
news:uUOF1MZsEHA.2460@TK2MSFTNGP09.phx.gbl...
Hi folks,
I'm still struggling with getting FRS working properly. To recap, the
only thing i'm trying to replicate is SYSVOL. I've been through all the
KBs and such I can find, and have cleared a few issues, but still no luck
getting it working properly.
Checking the NTFRS logs, I'm down to this repeated error -
FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't find it
addressed anywhere on the MS site or newsgroups or elsewhere on the net.
I've tried resetting the machine password on SB-2 using netdom, but the
error is still there. How is security defined for FRS machine
transactions?
thanks,
David
|
|
|
| Back to top |
|
|
Glenn LeCheminant
Guest
|
| Posted:
Sat Oct 16, 2004 10:28 pm Post subject:
Re: Error 13508 |
|
|
FRS stores all its topology info in AD.
this diag spells it out pretty clearly
| Quote: | FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
|
<RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no parent
| Quote: | computer for DFS|CLIENTSITES
|
You need to compare your working computer objects to these.
You may be able to manually repair the objects.
I suspect the cn=2076db4e-718a-4a61-ac1d-9ae239578d26 object is missing the
MEMBERREF attribute pointing back to the member server object.
The FRS technical reference has a good diagram on how FRS objects and
attributes are glued together in AD.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_frs_intro.asp
If you cannot repair the objects manually, then you can D2 the server which
will force it to rejoin the replica set and rewrite these objects.
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in message
news:ecUUBc4sEHA.2556@tk2msftngp13.phx.gbl...
| Quote: | Removing and readding each Domain Controller in turn has fixed this error.
Now I'm managing to replicate SYSVOL and two other folders, but the third
refuses. Error in ntfrs.log now is -
SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - rpc call]
SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - Send
Penalty]
FrsDsFindComputer: 3392: 8786: S2: 07:25:48> :DS: Computer FQDN is
cn=sb-3,ou=domain controllers,dc=mydomain,dc=net
FrsDsFindComputer: 3392: 8792: S2: 07:25:48> :DS: Computer's dns name is
sb-3.mydomain.net
FrsDsFindComputer: 3392: 8806: S2: 07:25:48> :DS: Settings reference is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydo |
main,dc=net
| Quote: | FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no parent
computer for DFS|CLIENTSITES : WStatus: ERROR_FILE_NOT_FOUND
Any suggestions on where to look now?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i meddelandet
news:OQhFaQZsEHA.2800@tk2msftngp13.phx.gbl...
just to add, the NTFRS logs on the other server say -
WS ERROR_ACCESS_DENIED
So it seems obvious to be some kind of permissions problem. Perhaps a
Kerberos problem?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i meddelandet
news:uUOF1MZsEHA.2460@TK2MSFTNGP09.phx.gbl...
Hi folks,
I'm still struggling with getting FRS working properly. To recap, the
only thing i'm trying to replicate is SYSVOL. I've been through all the
KBs and such I can find, and have cleared a few issues, but still no
luck
getting it working properly.
Checking the NTFRS logs, I'm down to this repeated error -
FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't find it
addressed anywhere on the MS site or newsgroups or elsewhere on the
net.
I've tried resetting the machine password on SB-2 using netdom, but the
error is still there. How is security defined for FRS machine
transactions?
thanks,
David
|
|
|
| Back to top |
|
|
Asgard Hostmaster
Guest
|
| Posted:
Sun Oct 17, 2004 12:25 am Post subject:
Re: Error 13508 |
|
|
Hi Glen,
Thanks very much for the reply! The cn=2076db4e-718a-4a61-ac1d-9ae239578d26
object itself has no frsMemberReference attribute, only
frsMemberReferenceBL, which is not set. Beneath it are the 3 subscriber
objects, two of which are replicating fine and one of which, DFS|CLIENTSITES
is not. All of them have frsMemberReference set correctly.
"Glenn LeCheminant" <the.only@gmail.com> skrev i meddelandet
news:eY%23mUW6sEHA.2804@TK2MSFTNGP14.phx.gbl...
| Quote: | FRS stores all its topology info in AD.
this diag spells it out pretty clearly
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no parent
computer for DFS|CLIENTSITES
You need to compare your working computer objects to these.
You may be able to manually repair the objects.
I suspect the cn=2076db4e-718a-4a61-ac1d-9ae239578d26 object is missing
the
MEMBERREF attribute pointing back to the member server object.
The FRS technical reference has a good diagram on how FRS objects and
attributes are glued together in AD.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_frs_intro.asp
If you cannot repair the objects manually, then you can D2 the server
which
will force it to rejoin the replica set and rewrite these objects.
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in message
news:ecUUBc4sEHA.2556@tk2msftngp13.phx.gbl...
Removing and readding each Domain Controller in turn has fixed this
error.
Now I'm managing to replicate SYSVOL and two other folders, but the third
refuses. Error in ntfrs.log now is -
SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - rpc call]
SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - Send
Penalty]
FrsDsFindComputer: 3392: 8786: S2: 07:25:48> :DS: Computer FQDN is
cn=sb-3,ou=domain controllers,dc=mydomain,dc=net
FrsDsFindComputer: 3392: 8792: S2: 07:25:48> :DS: Computer's dns name is
sb-3.mydomain.net
FrsDsFindComputer: 3392: 8806: S2: 07:25:48> :DS: Settings reference is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydo
main,dc=net
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs
subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no parent
computer for DFS|CLIENTSITES : WStatus: ERROR_FILE_NOT_FOUND
Any suggestions on where to look now?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i meddelandet
news:OQhFaQZsEHA.2800@tk2msftngp13.phx.gbl...
just to add, the NTFRS logs on the other server say -
WS ERROR_ACCESS_DENIED
So it seems obvious to be some kind of permissions problem. Perhaps a
Kerberos problem?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i meddelandet
news:uUOF1MZsEHA.2460@TK2MSFTNGP09.phx.gbl...
Hi folks,
I'm still struggling with getting FRS working properly. To recap, the
only thing i'm trying to replicate is SYSVOL. I've been through all
the
KBs and such I can find, and have cleared a few issues, but still no
luck
getting it working properly.
Checking the NTFRS logs, I'm down to this repeated error -
FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't find
it
addressed anywhere on the MS site or newsgroups or elsewhere on the
net.
I've tried resetting the machine password on SB-2 using netdom, but
the
error is still there. How is security defined for FRS machine
transactions?
thanks,
David
|
|
|
| Back to top |
|
|
Glenn L
Guest
|
| Posted:
Sun Oct 17, 2004 1:39 am Post subject:
Re: Error 13508 |
|
|
Run FRSDIAG against the failing member.
then paste the contents of FRS-DS config log into this thread.
Can't remember the exact name of the log file, but it is the one that dumps
the FRS topology from AD into a text file.
I should be able to see from that if the error in the debug log is bogus or
not.
Glenn
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in message
news:%23yOn6X7sEHA.820@TK2MSFTNGP12.phx.gbl...
| Quote: | Hi Glen,
Thanks very much for the reply! The
cn=2076db4e-718a-4a61-ac1d-9ae239578d26
object itself has no frsMemberReference attribute, only
frsMemberReferenceBL, which is not set. Beneath it are the 3 subscriber
objects, two of which are replicating fine and one of which,
DFS|CLIENTSITES
is not. All of them have frsMemberReference set correctly.
"Glenn LeCheminant" <the.only@gmail.com> skrev i meddelandet
news:eY%23mUW6sEHA.2804@TK2MSFTNGP14.phx.gbl...
FRS stores all its topology info in AD.
this diag spells it out pretty clearly
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no parent
computer for DFS|CLIENTSITES
You need to compare your working computer objects to these.
You may be able to manually repair the objects.
I suspect the cn=2076db4e-718a-4a61-ac1d-9ae239578d26 object is missing
the
MEMBERREF attribute pointing back to the member server object.
The FRS technical reference has a good diagram on how FRS objects and
attributes are glued together in AD.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_frs_intro.asp
If you cannot repair the objects manually, then you can D2 the server
which
will force it to rejoin the replica set and rewrite these objects.
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in message
news:ecUUBc4sEHA.2556@tk2msftngp13.phx.gbl...
Removing and readding each Domain Controller in turn has fixed this
error.
Now I'm managing to replicate SYSVOL and two other folders, but the
third
refuses. Error in ntfrs.log now is -
SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba,
WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - rpc
call]
SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba,
WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - Send
Penalty]
FrsDsFindComputer: 3392: 8786: S2: 07:25:48> :DS: Computer FQDN is
cn=sb-3,ou=domain controllers,dc=mydomain,dc=net
FrsDsFindComputer: 3392: 8792: S2: 07:25:48> :DS: Computer's dns name
is
sb-3.mydomain.net
FrsDsFindComputer: 3392: 8806: S2: 07:25:48> :DS: Settings reference
is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydo
main,dc=net
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs
subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no
parent
computer for DFS|CLIENTSITES : WStatus: ERROR_FILE_NOT_FOUND
Any suggestions on where to look now?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i meddelandet
news:OQhFaQZsEHA.2800@tk2msftngp13.phx.gbl...
just to add, the NTFRS logs on the other server say -
WS ERROR_ACCESS_DENIED
So it seems obvious to be some kind of permissions problem. Perhaps a
Kerberos problem?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i
meddelandet
news:uUOF1MZsEHA.2460@TK2MSFTNGP09.phx.gbl...
Hi folks,
I'm still struggling with getting FRS working properly. To recap,
the
only thing i'm trying to replicate is SYSVOL. I've been through all
the
KBs and such I can find, and have cleared a few issues, but still no
luck
getting it working properly.
Checking the NTFRS logs, I'm down to this repeated error -
FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR -
Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't find
it
addressed anywhere on the MS site or newsgroups or elsewhere on the
net.
I've tried resetting the machine password on SB-2 using netdom, but
the
error is still there. How is security defined for FRS machine
transactions?
thanks,
David
|
|
|
| Back to top |
|
|
Asgard Hostmaster
Guest
|
| Posted:
Thu Oct 21, 2004 12:14 am Post subject:
Re: Error 13508 |
|
|
Hi Glen,
Results are posted under the thread "ACLs on FRS files"
David
"Glenn L" <the.only@gmail.com> wrote in message
news:uBkmTB8sEHA.3912@TK2MSFTNGP10.phx.gbl...
| Quote: | Run FRSDIAG against the failing member.
then paste the contents of FRS-DS config log into this thread.
Can't remember the exact name of the log file, but it is the one that
dumps
the FRS topology from AD into a text file.
I should be able to see from that if the error in the debug log is bogus
or
not.
Glenn
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in message
news:%23yOn6X7sEHA.820@TK2MSFTNGP12.phx.gbl...
Hi Glen,
Thanks very much for the reply! The
cn=2076db4e-718a-4a61-ac1d-9ae239578d26
object itself has no frsMemberReference attribute, only
frsMemberReferenceBL, which is not set. Beneath it are the 3 subscriber
objects, two of which are replicating fine and one of which,
DFS|CLIENTSITES
is not. All of them have frsMemberReference set correctly.
"Glenn LeCheminant" <the.only@gmail.com> skrev i meddelandet
news:eY%23mUW6sEHA.2804@TK2MSFTNGP14.phx.gbl...
FRS stores all its topology info in AD.
this diag spells it out pretty clearly
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no
parent
computer for DFS|CLIENTSITES
You need to compare your working computer objects to these.
You may be able to manually repair the objects.
I suspect the cn=2076db4e-718a-4a61-ac1d-9ae239578d26 object is missing
the
MEMBERREF attribute pointing back to the member server object.
The FRS technical reference has a good diagram on how FRS objects and
attributes are glued together in AD.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_frs_intro.asp
If you cannot repair the objects manually, then you can D2 the server
which
will force it to rejoin the replica set and rewrite these objects.
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in message
news:ecUUBc4sEHA.2556@tk2msftngp13.phx.gbl...
Removing and readding each Domain Controller in turn has fixed this
error.
Now I'm managing to replicate SYSVOL and two other folders, but the
third
refuses. Error in ntfrs.log now is -
SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba,
WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - rpc
call]
SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba,
WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - Send
Penalty]
FrsDsFindComputer: 3392: 8786: S2: 07:25:48> :DS: Computer FQDN is
cn=sb-3,ou=domain controllers,dc=mydomain,dc=net
FrsDsFindComputer: 3392: 8792: S2: 07:25:48> :DS: Computer's dns name
is
sb-3.mydomain.net
FrsDsFindComputer: 3392: 8806: S2: 07:25:48> :DS: Settings reference
is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydo
main,dc=net
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs
subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no
parent
computer for DFS|CLIENTSITES : WStatus: ERROR_FILE_NOT_FOUND
Any suggestions on where to look now?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i
meddelandet
news:OQhFaQZsEHA.2800@tk2msftngp13.phx.gbl...
just to add, the NTFRS logs on the other server say -
WS ERROR_ACCESS_DENIED
So it seems obvious to be some kind of permissions problem. Perhaps
a
Kerberos problem?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i
meddelandet
news:uUOF1MZsEHA.2460@TK2MSFTNGP09.phx.gbl...
Hi folks,
I'm still struggling with getting FRS working properly. To recap,
the
only thing i'm trying to replicate is SYSVOL. I've been through all
the
KBs and such I can find, and have cleared a few issues, but still
no
luck
getting it working properly.
Checking the NTFRS logs, I'm down to this repeated error -
FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR -
Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't
find
it
addressed anywhere on the MS site or newsgroups or elsewhere on the
net.
I've tried resetting the machine password on SB-2 using netdom, but
the
error is still there. How is security defined for FRS machine
transactions?
thanks,
David
|
|
|
| Back to top |
|
|
Glenn L
Guest
|
| Posted:
Thu Oct 21, 2004 2:32 am Post subject:
Re: Error 13508 |
|
|
Ah RPC failures, I zoned in on the NTFRS subscriber objects and didn't even
see these in the thread before.
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - rpc
exception]
<SndCsMain: 2432: 895: S0: 13:59:39> :SR: Cmd 00237200, CxtG 82382b81, WS
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - Send
Penalty]
Perhaps the ntfrs subscriber errors are bogus after all.
RPC failures are typically the result of port filtering between the two
networks.
I have lost track of which replica is failing.
The best way IMHO to track down RPC failures is to do a simultaneous network
trace from each replica good gone and bad one.
Stop the FRS service on the bad replica member.
start the simultaneous network traces
start the service and let it churn for a couple minutes.
then stop the traces.
You should be looking for dropped packets. Specifically during the SMB
session setup.
basically the process works are follows. client sends SMB negotiate request
to port 135 on server.
They negotiate SMB dialect,
client sends RPC endpoint mapper request to port 135 on the server.
server responds with high port to communicate on. Typically in the
1025-5000 range.
client then initiates session setup on using the high port as the
destination port.
I often see this high port being blocked at firewalls.
This is a classic cause for repeated 13508s.
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
"Asgard Hostmaster" <hostmaster@_remove_asgard.net> wrote in message
news:OQLpPkttEHA.1008@tk2msftngp13.phx.gbl...
| Quote: | Hi Glen,
Results are posted under the thread "ACLs on FRS files"
David
"Glenn L" <the.only@gmail.com> wrote in message
news:uBkmTB8sEHA.3912@TK2MSFTNGP10.phx.gbl...
Run FRSDIAG against the failing member.
then paste the contents of FRS-DS config log into this thread.
Can't remember the exact name of the log file, but it is the one that
dumps
the FRS topology from AD into a text file.
I should be able to see from that if the error in the debug log is bogus
or
not.
Glenn
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in message
news:%23yOn6X7sEHA.820@TK2MSFTNGP12.phx.gbl...
Hi Glen,
Thanks very much for the reply! The
cn=2076db4e-718a-4a61-ac1d-9ae239578d26
object itself has no frsMemberReference attribute, only
frsMemberReferenceBL, which is not set. Beneath it are the 3 subscriber
objects, two of which are replicating fine and one of which,
DFS|CLIENTSITES
is not. All of them have frsMemberReference set correctly.
"Glenn LeCheminant" <the.only@gmail.com> skrev i meddelandet
news:eY%23mUW6sEHA.2804@TK2MSFTNGP14.phx.gbl...
FRS stores all its topology info in AD.
this diag spells it out pretty clearly
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no
parent
computer for DFS|CLIENTSITES
You need to compare your working computer objects to these.
You may be able to manually repair the objects.
I suspect the cn=2076db4e-718a-4a61-ac1d-9ae239578d26 object is
missing
the
MEMBERREF attribute pointing back to the member server object.
The FRS technical reference has a good diagram on how FRS objects and
attributes are glued together in AD.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_frs_intro.asp
If you cannot repair the objects manually, then you can D2 the server
which
will force it to rejoin the replica set and rewrite these objects.
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in message
news:ecUUBc4sEHA.2556@tk2msftngp13.phx.gbl...
Removing and readding each Domain Controller in turn has fixed this
error.
Now I'm managing to replicate SYSVOL and two other folders, but the
third
refuses. Error in ntfrs.log now is -
SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG
4281a4ba,
WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - rpc
call]
SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG
4281a4ba,
WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - Send
Penalty]
FrsDsFindComputer: 3392: 8786: S2: 07:25:48> :DS: Computer FQDN is
cn=sb-3,ou=domain controllers,dc=mydomain,dc=net
FrsDsFindComputer: 3392: 8792: S2: 07:25:48> :DS: Computer's dns
name
is
sb-3.mydomain.net
FrsDsFindComputer: 3392: 8806: S2: 07:25:48> :DS: Settings
reference
is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydo
main,dc=net
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs
subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no
parent
computer for DFS|CLIENTSITES : WStatus: ERROR_FILE_NOT_FOUND
Any suggestions on where to look now?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i
meddelandet
news:OQhFaQZsEHA.2800@tk2msftngp13.phx.gbl...
just to add, the NTFRS logs on the other server say -
WS ERROR_ACCESS_DENIED
So it seems obvious to be some kind of permissions problem.
Perhaps
a
Kerberos problem?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i
meddelandet
news:uUOF1MZsEHA.2460@TK2MSFTNGP09.phx.gbl...
Hi folks,
I'm still struggling with getting FRS working properly. To recap,
the
only thing i'm trying to replicate is SYSVOL. I've been through
all
the
KBs and such I can find, and have cleared a few issues, but still
no
luck
getting it working properly.
Checking the NTFRS logs, I'm down to this repeated error -
FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR -
Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't
find
it
addressed anywhere on the MS site or newsgroups or elsewhere on
the
net.
I've tried resetting the machine password on SB-2 using netdom,
but
the
error is still there. How is security defined for FRS machine
transactions?
thanks,
David
|
|
|
| Back to top |
|
|
Asgard Hostmaster
Guest
|
| Posted:
Thu Oct 21, 2004 4:47 am Post subject:
Re: Error 13508 |
|
|
hmmm, I guess this would account for problems coming and going - it depends
which of the upper ports might be blocked and which RPC requests? I asked
the datacentre a couple of weeks ago if they where blocking any ports on
their internal routers that might be causing problems but I had no reply.
I'll try again!
Incidentally, if this is a "classic cause" it should be on a KB or
something! Not something I'd come across as a potential cause of 13508s,
though I suspected it.
"Glenn L" <the.only@gmail.com> wrote in message
news:%235j8FxutEHA.1720@TK2MSFTNGP14.phx.gbl...
| Quote: | Ah RPC failures, I zoned in on the NTFRS subscriber objects and didn't
even
see these in the thread before.
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - rpc
exception]
SndCsMain: 2432: 895: S0: 13:59:39> :SR: Cmd 00237200, CxtG 82382b81, WS
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - Send
Penalty]
Perhaps the ntfrs subscriber errors are bogus after all.
RPC failures are typically the result of port filtering between the two
networks.
I have lost track of which replica is failing.
The best way IMHO to track down RPC failures is to do a simultaneous
network
trace from each replica good gone and bad one.
Stop the FRS service on the bad replica member.
start the simultaneous network traces
start the service and let it churn for a couple minutes.
then stop the traces.
You should be looking for dropped packets. Specifically during the SMB
session setup.
basically the process works are follows. client sends SMB negotiate
request
to port 135 on server.
They negotiate SMB dialect,
client sends RPC endpoint mapper request to port 135 on the server.
server responds with high port to communicate on. Typically in the
1025-5000 range.
client then initiates session setup on using the high port as the
destination port.
I often see this high port being blocked at firewalls.
This is a classic cause for repeated 13508s.
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
"Asgard Hostmaster" <hostmaster@_remove_asgard.net> wrote in message
news:OQLpPkttEHA.1008@tk2msftngp13.phx.gbl...
Hi Glen,
Results are posted under the thread "ACLs on FRS files"
David
"Glenn L" <the.only@gmail.com> wrote in message
news:uBkmTB8sEHA.3912@TK2MSFTNGP10.phx.gbl...
Run FRSDIAG against the failing member.
then paste the contents of FRS-DS config log into this thread.
Can't remember the exact name of the log file, but it is the one that
dumps
the FRS topology from AD into a text file.
I should be able to see from that if the error in the debug log is
bogus
or
not.
Glenn
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in message
news:%23yOn6X7sEHA.820@TK2MSFTNGP12.phx.gbl...
Hi Glen,
Thanks very much for the reply! The
cn=2076db4e-718a-4a61-ac1d-9ae239578d26
object itself has no frsMemberReference attribute, only
frsMemberReferenceBL, which is not set. Beneath it are the 3
subscriber
objects, two of which are replicating fine and one of which,
DFS|CLIENTSITES
is not. All of them have frsMemberReference set correctly.
"Glenn LeCheminant" <the.only@gmail.com> skrev i meddelandet
news:eY%23mUW6sEHA.2804@TK2MSFTNGP14.phx.gbl...
FRS stores all its topology info in AD.
this diag spells it out pretty clearly
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no
parent
computer for DFS|CLIENTSITES
You need to compare your working computer objects to these.
You may be able to manually repair the objects.
I suspect the cn=2076db4e-718a-4a61-ac1d-9ae239578d26 object is
missing
the
MEMBERREF attribute pointing back to the member server object.
The FRS technical reference has a good diagram on how FRS objects
and
attributes are glued together in AD.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_frs_intro.asp
If you cannot repair the objects manually, then you can D2 the
server
which
will force it to rejoin the replica set and rewrite these objects.
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in message
news:ecUUBc4sEHA.2556@tk2msftngp13.phx.gbl...
Removing and readding each Domain Controller in turn has fixed this
error.
Now I'm managing to replicate SYSVOL and two other folders, but the
third
refuses. Error in ntfrs.log now is -
SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG
4281a4ba,
WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - rpc
call]
SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG
4281a4ba,
WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - Send
Penalty]
FrsDsFindComputer: 3392: 8786: S2: 07:25:48> :DS: Computer FQDN is
cn=sb-3,ou=domain controllers,dc=mydomain,dc=net
FrsDsFindComputer: 3392: 8792: S2: 07:25:48> :DS: Computer's dns
name
is
sb-3.mydomain.net
FrsDsFindComputer: 3392: 8806: S2: 07:25:48> :DS: Settings
reference
is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydo
main,dc=net
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs
subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no
parent
computer for DFS|CLIENTSITES : WStatus: ERROR_FILE_NOT_FOUND
Any suggestions on where to look now?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i
meddelandet
news:OQhFaQZsEHA.2800@tk2msftngp13.phx.gbl...
just to add, the NTFRS logs on the other server say -
WS ERROR_ACCESS_DENIED
So it seems obvious to be some kind of permissions problem.
Perhaps
a
Kerberos problem?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i
meddelandet
news:uUOF1MZsEHA.2460@TK2MSFTNGP09.phx.gbl...
Hi folks,
I'm still struggling with getting FRS working properly. To
recap,
the
only thing i'm trying to replicate is SYSVOL. I've been through
all
the
KBs and such I can find, and have cleared a few issues, but
still
no
luck
getting it working properly.
Checking the NTFRS logs, I'm down to this repeated error -
FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR -
Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't
find
it
addressed anywhere on the MS site or newsgroups or elsewhere on
the
net.
I've tried resetting the machine password on SB-2 using netdom,
but
the
error is still there. How is security defined for FRS machine
transactions?
thanks,
David
|
|
|
| Back to top |
|
|
Asgard Hostmaster
Guest
|
| Posted:
Thu Oct 21, 2004 8:03 am Post subject:
Re: Error 13508 |
|
|
Glen, would you happen to know of a good reference for setting up
replication via VPN? I've successfully connected my two servers with RRAS
however NTFRS insists on using the DNS names for replication which are
registered with the internet IPs. Any advice appreciated!
thanks,
david
"Glenn L" <the.only@gmail.com> wrote in message
news:%235j8FxutEHA.1720@TK2MSFTNGP14.phx.gbl...
| Quote: | Ah RPC failures, I zoned in on the NTFRS subscriber objects and didn't
even
see these in the thread before.
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - rpc
exception]
SndCsMain: 2432: 895: S0: 13:59:39> :SR: Cmd 00237200, CxtG 82382b81, WS
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - Send
Penalty]
Perhaps the ntfrs subscriber errors are bogus after all.
RPC failures are typically the result of port filtering between the two
networks.
I have lost track of which replica is failing.
The best way IMHO to track down RPC failures is to do a simultaneous
network
trace from each replica good gone and bad one.
Stop the FRS service on the bad replica member.
start the simultaneous network traces
start the service and let it churn for a couple minutes.
then stop the traces.
You should be looking for dropped packets. Specifically during the SMB
session setup.
basically the process works are follows. client sends SMB negotiate
request
to port 135 on server.
They negotiate SMB dialect,
client sends RPC endpoint mapper request to port 135 on the server.
server responds with high port to communicate on. Typically in the
1025-5000 range.
client then initiates session setup on using the high port as the
destination port.
I often see this high port being blocked at firewalls.
This is a classic cause for repeated 13508s.
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
"Asgard Hostmaster" <hostmaster@_remove_asgard.net> wrote in message
news:OQLpPkttEHA.1008@tk2msftngp13.phx.gbl...
Hi Glen,
Results are posted under the thread "ACLs on FRS files"
David
"Glenn L" <the.only@gmail.com> wrote in message
news:uBkmTB8sEHA.3912@TK2MSFTNGP10.phx.gbl...
Run FRSDIAG against the failing member.
then paste the contents of FRS-DS config log into this thread.
Can't remember the exact name of the log file, but it is the one that
dumps
the FRS topology from AD into a text file.
I should be able to see from that if the error in the debug log is
bogus
or
not.
Glenn
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in message
news:%23yOn6X7sEHA.820@TK2MSFTNGP12.phx.gbl...
Hi Glen,
Thanks very much for the reply! The
cn=2076db4e-718a-4a61-ac1d-9ae239578d26
object itself has no frsMemberReference attribute, only
frsMemberReferenceBL, which is not set. Beneath it are the 3
subscriber
objects, two of which are replicating fine and one of which,
DFS|CLIENTSITES
is not. All of them have frsMemberReference set correctly.
"Glenn LeCheminant" <the.only@gmail.com> skrev i meddelandet
news:eY%23mUW6sEHA.2804@TK2MSFTNGP14.phx.gbl...
FRS stores all its topology info in AD.
this diag spells it out pretty clearly
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no
parent
computer for DFS|CLIENTSITES
You need to compare your working computer objects to these.
You may be able to manually repair the objects.
I suspect the cn=2076db4e-718a-4a61-ac1d-9ae239578d26 object is
missing
the
MEMBERREF attribute pointing back to the member server object.
The FRS technical reference has a good diagram on how FRS objects
and
attributes are glued together in AD.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_frs_intro.asp
If you cannot repair the objects manually, then you can D2 the
server
which
will force it to rejoin the replica set and rewrite these objects.
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in message
news:ecUUBc4sEHA.2556@tk2msftngp13.phx.gbl...
Removing and readding each Domain Controller in turn has fixed this
error.
Now I'm managing to replicate SYSVOL and two other folders, but the
third
refuses. Error in ntfrs.log now is -
SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG
4281a4ba,
WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - rpc
call]
SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG
4281a4ba,
WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - Send
Penalty]
FrsDsFindComputer: 3392: 8786: S2: 07:25:48> :DS: Computer FQDN is
cn=sb-3,ou=domain controllers,dc=mydomain,dc=net
FrsDsFindComputer: 3392: 8792: S2: 07:25:48> :DS: Computer's dns
name
is
sb-3.mydomain.net
FrsDsFindComputer: 3392: 8806: S2: 07:25:48> :DS: Settings
reference
is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydo
main,dc=net
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs
subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no
parent
computer for DFS|CLIENTSITES : WStatus: ERROR_FILE_NOT_FOUND
Any suggestions on where to look now?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i
meddelandet
news:OQhFaQZsEHA.2800@tk2msftngp13.phx.gbl...
just to add, the NTFRS logs on the other server say -
WS ERROR_ACCESS_DENIED
So it seems obvious to be some kind of permissions problem.
Perhaps
a
Kerberos problem?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i
meddelandet
news:uUOF1MZsEHA.2460@TK2MSFTNGP09.phx.gbl...
Hi folks,
I'm still struggling with getting FRS working properly. To
recap,
the
only thing i'm trying to replicate is SYSVOL. I've been through
all
the
KBs and such I can find, and have cleared a few issues, but
still
no
luck
getting it working properly.
Checking the NTFRS logs, I'm down to this repeated error -
FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR -
Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't
find
it
addressed anywhere on the MS site or newsgroups or elsewhere on
the
net.
I've tried resetting the machine password on SB-2 using netdom,
but
the
error is still there. How is security defined for FRS machine
transactions?
thanks,
David
|
|
|
| Back to top |
|
|
Asgard Hostmaster
Guest
|
| Posted:
Thu Oct 21, 2004 11:52 am Post subject:
Re: Error 13508 |
|
|
Ahh well, I managed to get the VPN up and running fine, but I'm still
getting the same errors in the NTFRS log. Namely -
**********
<FrsDsFindComputer: 3644: 8806: S2: 00:14:56> :DS: Settings reference is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydomain,dc=net
<FrsDsGetSubscribers: 3644: 8239: S0: 00:14:56> :DS: No NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<FrsDsGetSubscribers: 3644: 8239: S0: 00:14:56> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<RcsCreateSeedingCxtion: 2108: 6938: S0: 00:14:56> :X: ERROR - no parent
computer for DFSROOT|ASGARDWEB : WStatus: ERROR_FILE_NOT_FOUND
**********
and
**********
<SndCsMain: 3512: 867: S0: 00:16:18> :SR: Cmd 00ea7c50, CxtG 222709df, WS
ERROR_ACCESS_DENIED, To SB-2.mydomain.net Len: (356) [SndFail - rpc call]
<SndCsMain: 3512: 889: S0: 00:16:18> :SR: Cmd 00ea7c50, CxtG 222709df, WS
ERROR_ACCESS_DENIED, To SB-2.mydomain.net Len: (356) [SndFail - Send
Penalty]
**********
So it looks like it's not a firewalling problem :-(
"Asgard Hostmaster" <hostmaster@_remove_asgard.net> wrote in message
news:%23HWrVqxtEHA.3788@TK2MSFTNGP09.phx.gbl...
| Quote: | Glen, would you happen to know of a good reference for setting up
replication via VPN? I've successfully connected my two servers with RRAS
however NTFRS insists on using the DNS names for replication which are
registered with the internet IPs. Any advice appreciated!
thanks,
david
"Glenn L" <the.only@gmail.com> wrote in message
news:%235j8FxutEHA.1720@TK2MSFTNGP14.phx.gbl...
Ah RPC failures, I zoned in on the NTFRS subscriber objects and didn't
even
see these in the thread before.
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - rpc
exception]
SndCsMain: 2432: 895: S0: 13:59:39> :SR: Cmd 00237200, CxtG 82382b81, WS
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - Send
Penalty]
Perhaps the ntfrs subscriber errors are bogus after all.
RPC failures are typically the result of port filtering between the two
networks.
I have lost track of which replica is failing.
The best way IMHO to track down RPC failures is to do a simultaneous
network
trace from each replica good gone and bad one.
Stop the FRS service on the bad replica member.
start the simultaneous network traces
start the service and let it churn for a couple minutes.
then stop the traces.
You should be looking for dropped packets. Specifically during the SMB
session setup.
basically the process works are follows. client sends SMB negotiate
request
to port 135 on server.
They negotiate SMB dialect,
client sends RPC endpoint mapper request to port 135 on the server.
server responds with high port to communicate on. Typically in the
1025-5000 range.
client then initiates session setup on using the high port as the
destination port.
I often see this high port being blocked at firewalls.
This is a classic cause for repeated 13508s.
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
"Asgard Hostmaster" <hostmaster@_remove_asgard.net> wrote in message
news:OQLpPkttEHA.1008@tk2msftngp13.phx.gbl...
Hi Glen,
Results are posted under the thread "ACLs on FRS files"
David
"Glenn L" <the.only@gmail.com> wrote in message
news:uBkmTB8sEHA.3912@TK2MSFTNGP10.phx.gbl...
Run FRSDIAG against the failing member.
then paste the contents of FRS-DS config log into this thread.
Can't remember the exact name of the log file, but it is the one that
dumps
the FRS topology from AD into a text file.
I should be able to see from that if the error in the debug log is
bogus
or
not.
Glenn
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in message
news:%23yOn6X7sEHA.820@TK2MSFTNGP12.phx.gbl...
Hi Glen,
Thanks very much for the reply! The
cn=2076db4e-718a-4a61-ac1d-9ae239578d26
object itself has no frsMemberReference attribute, only
frsMemberReferenceBL, which is not set. Beneath it are the 3
subscriber
objects, two of which are replicating fine and one of which,
DFS|CLIENTSITES
is not. All of them have frsMemberReference set correctly.
"Glenn LeCheminant" <the.only@gmail.com> skrev i meddelandet
news:eY%23mUW6sEHA.2804@TK2MSFTNGP14.phx.gbl...
FRS stores all its topology info in AD.
this diag spells it out pretty clearly
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no
parent
computer for DFS|CLIENTSITES
You need to compare your working computer objects to these.
You may be able to manually repair the objects.
I suspect the cn=2076db4e-718a-4a61-ac1d-9ae239578d26 object is
missing
the
MEMBERREF attribute pointing back to the member server object.
The FRS technical reference has a good diagram on how FRS objects
and
attributes are glued together in AD.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_frs_intro.asp
If you cannot repair the objects manually, then you can D2 the
server
which
will force it to rejoin the replica set and rewrite these objects.
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in
message
news:ecUUBc4sEHA.2556@tk2msftngp13.phx.gbl...
Removing and readding each Domain Controller in turn has fixed
this
error.
Now I'm managing to replicate SYSVOL and two other folders, but
the
third
refuses. Error in ntfrs.log now is -
SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG
4281a4ba,
WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - rpc
call]
SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG
4281a4ba,
WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail -
Send
Penalty]
FrsDsFindComputer: 3392: 8786: S2: 07:25:48> :DS: Computer FQDN
is
cn=sb-3,ou=domain controllers,dc=mydomain,dc=net
FrsDsFindComputer: 3392: 8792: S2: 07:25:48> :DS: Computer's dns
name
is
sb-3.mydomain.net
FrsDsFindComputer: 3392: 8806: S2: 07:25:48> :DS: Settings
reference
is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydo
main,dc=net
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs
subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no
parent
computer for DFS|CLIENTSITES : WStatus: ERROR_FILE_NOT_FOUND
Any suggestions on where to look now?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i
meddelandet
news:OQhFaQZsEHA.2800@tk2msftngp13.phx.gbl...
just to add, the NTFRS logs on the other server say -
WS ERROR_ACCESS_DENIED
So it seems obvious to be some kind of permissions problem.
Perhaps
a
Kerberos problem?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i
meddelandet
news:uUOF1MZsEHA.2460@TK2MSFTNGP09.phx.gbl...
Hi folks,
I'm still struggling with getting FRS working properly. To
recap,
the
only thing i'm trying to replicate is SYSVOL. I've been through
all
the
KBs and such I can find, and have cleared a few issues, but
still
no
luck
getting it working properly.
Checking the NTFRS logs, I'm down to this repeated error -
FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR -
Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't
find
it
addressed anywhere on the MS site or newsgroups or elsewhere on
the
net.
I've tried resetting the machine password on SB-2 using netdom,
but
the
error is still there. How is security defined for FRS machine
transactions?
thanks,
David
|
|
|
| Back to top |
|
|
Glenn L
Guest
|
| Posted:
Thu Oct 21, 2004 12:00 pm Post subject:
Re: Error 13508 |
|
|
Yes...FRS still has lots of room for improving the ease of troubleshooting
(i.e. KBs)
Rather than setup VPN structure, there is an easier way. Assuming your
router admins are willing to open one port.
You can force FRS replication to use a specific high RPC port.
http://support.microsoft.com/default.aspx?scid=kb;en-us;319553
Also, here is the "all inclusive" link for Windows server system port
requirements.
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
"Asgard Hostmaster" <hostmaster@_remove_asgard.net> wrote in message
news:%23HWrVqxtEHA.3788@TK2MSFTNGP09.phx.gbl...
| Quote: | Glen, would you happen to know of a good reference for setting up
replication via VPN? I've successfully connected my two servers with RRAS
however NTFRS insists on using the DNS names for replication which are
registered with the internet IPs. Any advice appreciated!
thanks,
david
"Glenn L" <the.only@gmail.com> wrote in message
news:%235j8FxutEHA.1720@TK2MSFTNGP14.phx.gbl...
Ah RPC failures, I zoned in on the NTFRS subscriber objects and didn't
even
see these in the thread before.
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - rpc
exception]
SndCsMain: 2432: 895: S0: 13:59:39> :SR: Cmd 00237200, CxtG 82382b81,
WS
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - Send
Penalty]
Perhaps the ntfrs subscriber errors are bogus after all.
RPC failures are typically the result of port filtering between the two
networks.
I have lost track of which replica is failing.
The best way IMHO to track down RPC failures is to do a simultaneous
network
trace from each replica good gone and bad one.
Stop the FRS service on the bad replica member.
start the simultaneous network traces
start the service and let it churn for a couple minutes.
then stop the traces.
You should be looking for dropped packets. Specifically during the SMB
session setup.
basically the process works are follows. client sends SMB negotiate
request
to port 135 on server.
They negotiate SMB dialect,
client sends RPC endpoint mapper request to port 135 on the server.
server responds with high port to communicate on. Typically in the
1025-5000 range.
client then initiates session setup on using the high port as the
destination port.
I often see this high port being blocked at firewalls.
This is a classic cause for repeated 13508s.
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
"Asgard Hostmaster" <hostmaster@_remove_asgard.net> wrote in message
news:OQLpPkttEHA.1008@tk2msftngp13.phx.gbl...
Hi Glen,
Results are posted under the thread "ACLs on FRS files"
David
"Glenn L" <the.only@gmail.com> wrote in message
news:uBkmTB8sEHA.3912@TK2MSFTNGP10.phx.gbl...
Run FRSDIAG against the failing member.
then paste the contents of FRS-DS config log into this thread.
Can't remember the exact name of the log file, but it is the one that
dumps
the FRS topology from AD into a text file.
I should be able to see from that if the error in the debug log is
bogus
or
not.
Glenn
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in message
news:%23yOn6X7sEHA.820@TK2MSFTNGP12.phx.gbl...
Hi Glen,
Thanks very much for the reply! The
cn=2076db4e-718a-4a61-ac1d-9ae239578d26
object itself has no frsMemberReference attribute, only
frsMemberReferenceBL, which is not set. Beneath it are the 3
subscriber
objects, two of which are replicating fine and one of which,
DFS|CLIENTSITES
is not. All of them have frsMemberReference set correctly.
"Glenn LeCheminant" <the.only@gmail.com> skrev i meddelandet
news:eY%23mUW6sEHA.2804@TK2MSFTNGP14.phx.gbl...
FRS stores all its topology info in AD.
this diag spells it out pretty clearly
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no
parent
computer for DFS|CLIENTSITES
You need to compare your working computer objects to these.
You may be able to manually repair the objects.
I suspect the cn=2076db4e-718a-4a61-ac1d-9ae239578d26 object is
missing
the
MEMBERREF attribute pointing back to the member server object.
The FRS technical reference has a good diagram on how FRS objects
and
attributes are glued together in AD.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_frs_intro.asp
If you cannot repair the objects manually, then you can D2 the
server
which
will force it to rejoin the replica set and rewrite these objects.
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in
message
news:ecUUBc4sEHA.2556@tk2msftngp13.phx.gbl...
Removing and readding each Domain Controller in turn has fixed
this
error.
Now I'm managing to replicate SYSVOL and two other folders, but
the
third
refuses. Error in ntfrs.log now is -
SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG
4281a4ba,
WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail -
rpc
call]
SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG
4281a4ba,
WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail -
Send
Penalty]
FrsDsFindComputer: 3392: 8786: S2: 07:25:48> :DS: Computer FQDN
is
cn=sb-3,ou=domain controllers,dc=mydomain,dc=net
FrsDsFindComputer: 3392: 8792: S2: 07:25:48> :DS: Computer's dns
name
is
sb-3.mydomain.net
FrsDsFindComputer: 3392: 8806: S2: 07:25:48> :DS: Settings
reference
is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydo
main,dc=net
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs
subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No
NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no
parent
computer for DFS|CLIENTSITES : WStatus: ERROR_FILE_NOT_FOUND
Any suggestions on where to look now?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i
meddelandet
news:OQhFaQZsEHA.2800@tk2msftngp13.phx.gbl...
just to add, the NTFRS logs on the other server say -
WS ERROR_ACCESS_DENIED
So it seems obvious to be some kind of permissions problem.
Perhaps
a
Kerberos problem?
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> skrev i
meddelandet
news:uUOF1MZsEHA.2460@TK2MSFTNGP09.phx.gbl...
Hi folks,
I'm still struggling with getting FRS working properly. To
recap,
the
only thing i'm trying to replicate is SYSVOL. I've been
through
all
the
KBs and such I can find, and have cleared a few issues, but
still
no
luck
getting it working properly.
Checking the NTFRS logs, I'm down to this repeated error -
FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR -
Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I
can't
find
it
addressed anywhere on the MS site or newsgroups or elsewhere
on
the
net.
I've tried resetting the machine password on SB-2 using
netdom,
but
the
error is still there. How is security defined for FRS machine
transactions?
thanks,
David
|
|
|
| Back to top |
|
|
Glenn L
Guest
|
| Posted:
Thu Oct 21, 2004 2:35 pm Post subject:
Re: Error 13508 |
|
|
Blast....FRS !@#$%
| Quote: | SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR -
Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
|
Are you still seeing these invalid partner errors in the FRS debug logs?
If so, I have a hunch on root cause and ultimately how to fix it.
The server that reported this error thinks SB-2$ has a machine SID of
S-1-5-21-484763869-1972579041-1417001333-1809
If SB-2$ lost its computer account in the domain and it had to be rejoined,
it would get a new SID.
However, FRS stores this info in its local database and has no way to
dynamically update it if this event occurs.
Therefore FRS replication breaks down.
You can actually determine what the current machine SID for SB-2$ is by
using a resource kit tool. (I can't think of the name of it.)
You were right on in your original post. I should have caught
on.....completely glossed over it in favor of the nosubscriber errors.
The only way to update the FRS database is to blow it away (the one that is
reporting the errors), and force the replica to re-initialize.
couple of ways to accomplish this.
stop FRS
rename %systemroot%\ntfrs\jet folder.
start FRS
or
stop FRS
HKLM\system\ccs\services\ntfrs\parameters\backup/restore\process at startup
modify "burflags" to a HEX value of D2
start FRS.
Both of these processes will reinitialize the database forcing the member to
rejoin the replica set (and learn the SIDs of its upstream neighbors)
ALL DATA in the set will be moved into the ntfrs-preexisting folder.
then an optimized synchronization will take place. any data that is the same
on an upstream neighbor will be moved from the ntfrs pre-existing
anything different will be copied across the network.
This can take a considerable amount of time depending on the number of
files, processor, memory, and to a lesser extent bandwidth.
If this is what you are experiencing, then it is rather rare.
But it is common enough for MS to provide a bit more resiliency in FRS IMHO.
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
"Glenn L" <the.only@gmail.com> wrote in message
news:OlDf1uztEHA.2680@TK2MSFTNGP15.phx.gbl...
| Quote: | Yes...FRS still has lots of room for improving the ease of troubleshooting
(i.e. KBs)
Rather than setup VPN structure, there is an easier way. Assuming your
router admins are willing to open one port.
You can force FRS replication to use a specific high RPC port.
http://support.microsoft.com/default.aspx?scid=kb;en-us;319553
Also, here is the "all inclusive" link for Windows server system port
requirements.
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
"Asgard Hostmaster" <hostmaster@_remove_asgard.net> wrote in message
news:%23HWrVqxtEHA.3788@TK2MSFTNGP09.phx.gbl...
Glen, would you happen to know of a good reference for setting up
replication via VPN? I've successfully connected my two servers with
RRAS
however NTFRS insists on using the DNS names for replication which are
registered with the internet IPs. Any advice appreciated!
thanks,
david
"Glenn L" <the.only@gmail.com> wrote in message
news:%235j8FxutEHA.1720@TK2MSFTNGP14.phx.gbl...
Ah RPC failures, I zoned in on the NTFRS subscriber objects and
didn't
even
see these in the thread before.
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - rpc
exception]
SndCsMain: 2432: 895: S0: 13:59:39> :SR: Cmd 00237200, CxtG 82382b81,
WS
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - Send
Penalty]
Perhaps the ntfrs subscriber errors are bogus after all.
RPC failures are typically the result of port filtering between the
two
networks.
I have lost track of which replica is failing.
The best way IMHO to track down RPC failures is to do a simultaneous
network
trace from each replica good gone and bad one.
Stop the FRS service on the bad replica member.
start the simultaneous network traces
start the service and let it churn for a couple minutes.
then stop the traces.
You should be looking for dropped packets. Specifically during the
SMB
session setup.
basically the process works are follows. client sends SMB negotiate
request
to port 135 on server.
They negotiate SMB dialect,
client sends RPC endpoint mapper request to port 135 on the server.
server responds with high port to communicate on. Typically in the
1025-5000 range.
client then initiates session setup on using the high port as the
destination port.
I often see this high port being blocked at firewalls.
This is a classic cause for repeated 13508s.
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
"Asgard Hostmaster" <hostmaster@_remove_asgard.net> wrote in message
news:OQLpPkttEHA.1008@tk2msftngp13.phx.gbl...
Hi Glen,
Results are posted under the thread "ACLs on FRS files"
David
"Glenn L" <the.only@gmail.com> wrote in message
news:uBkmTB8sEHA.3912@TK2MSFTNGP10.phx.gbl...
Run FRSDIAG against the failing member.
then paste the contents of FRS-DS config log into this thread.
Can't remember the exact name of the log file, but it is the one
that
dumps
the FRS topology from AD into a text file.
I should be able to see from that if the error in the debug log is
bogus
or
not.
Glenn
"Asgard Hostmaster" <hostmaster@asgard_remove_.net> wrote in
message
news:%23yOn6X7sEHA.820@TK2MSFTNGP12.phx.gbl...
|
| |
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in